Configuration Management Pack Troubleshooting

SCOM 2012 – Find Workflow From Windows Event

When you are deploying SCOM agents to many servers from a test or prod environment, it could happen that a server administrator steps up to you and tells you that he has many strange event log entries which are probably from SCOM. Like in this example here…

clip_image001

As we can easily identify there must be a a rule or monitor from a NiCE MP and in addition we got the information from the administrator that it is happen on server01. With this knowledge you can start your research. Go to Monitoring / Operations Manager / Agent Details / Agents By Version …

image

There is a task which is not very known by many people called Show Running Rules and Monitors for this Health Service…

2

After running this task you get an output like this…

image

If you expand this you will find many entries, in my case I was pretty sure it was a manually / GUI created rule / monitor therefore I was checking the sections for these entries like *UIGeneratedRule or *UIGeneratedMonitor

image

This looks promising so let’s figure out what the exact rule name is…

image

Then lets search for the company.special.nice.rule in Authoring / Management Pack Objects / Rules

image

If we check the properties of the rule we find some references to the Windows event entry description…

image

Well this is not groundbreaking stuff but I think it helps identify workflows and solve issues related to workflows.

3 Replies to “SCOM 2012 – Find Workflow From Windows Event

  1. Thanks very much for another very useful post Stefan 🙂
    Just one small point for future posts perhaps, the resolution of the screen shots is very low to cannot see the text in some of them like the opsmgr command shell for example.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.